How to configure direct http access to EC2 instance?


Problem description

This is a very basic Amazon EC2 question, but I'm stumped so here goes.

I want to launch an Amazon EC2 instance and allow access to HTTP on ports 80 and 8888 from anywhere. So far I can't even allow the instance to connect on those ports using its own IP address (but it will connect to localhost).

I configured the "default" security group for HTTP using the standard HTTP option on the management console (and also SSH).

I launched my instance in the default security group.

I connected to the instance on SSH port 22 twice and in one window launch an HTTP server on port 80. In the other window I verify that I can connect to HTTP using the "localhost".

However when I try to access HTTP from the instance (or anywhere else) using either the public DNS or the Private IP address I get "connection refused".

What am I doing wrong, please?

Below is a console fragment showing the wget that succeeds and the two that fail run from the instance itself.

--2012-03-07 15:43:31--  http://localhost/
Resolving localhost... 127.0.0.1
Connecting to localhost|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: /__whiff_directory_listing__ [following]
--2012-03-07 15:43:31--  http://localhost/__whiff_directory_listing__
Connecting to localhost|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: "__whiff_directory_listing__"

[ <=>                                  ] 7,512       --.-K/s   in 0.03s

2012-03-07 15:43:31 (263 KB/s) - "__whiff_directory_listing__" saved [7512]

[ec2-user@ip-10-195-205-30 tmp]$ wget http://ec2-50-17-2-174.compute-1.amazonaws.com/
--2012-03-07 15:44:17--  http://ec2-50-17-2-174.compute-1.amazonaws.com/
Resolving ec2-50-17-2-174.compute-1.amazonaws.com... 10.195.205.30
Connecting to ec2-50-17-2-174.compute-1.amazonaws.com|10.195.205.30|:80... failed: Connection refused.
[ec2-user@ip-10-195-205-30 tmp]$ wget http://10.195.205.30/
--2012-03-07 15:46:08--  http://10.195.205.30/
Connecting to 10.195.205.30:80... failed: Connection refused.
[ec2-user@ip-10-195-205-30 tmp]$ 

Recommended answer

The standard tcp sockets interface requires that you bind to a particular IP address when you send or listen. There are a couple of somewhat special addresses: localhost (which you're probably familiar with) which is 127.0.0.1. There's also a special address, 0.0.0.0 or INADDR_ANY (internet protocol, special shorthand for ANY ADDRESS). It's a way to listen on ANY or more commonly, ALL addresses on the host. This is a way to tell the kernel/stack that you're not interested in a particular IP address.

So, when you're setting up a server that listens to "localhost" you're telling the service that you want to use the special reserved address that can only be reached by users of this host, and while it exists on every host, making a connection to localhost will only ever reach the host you're making the request from.

When you want a service to be reachable everywhere (on a local host, on all interfaces, etc.) you can specify 0.0.0.0.
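
The binding behaviour described in the answer, as an added example that is not part of the original answer: it binds a listener first to 127.0.0.1 and then to 0.0.0.0 and reports which addresses can reach it. Assumptions: Linux, where every 127.0.0.0/8 address is local, so 127.0.0.2 stands in for the instance's private IP; the function names are illustrative.

```python
import socket

def listen_on(bind_addr):
    """Open a TCP listener on bind_addr, letting the kernel pick a free port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((bind_addr, 0))
    srv.listen(5)
    return srv

def can_connect(addr, port, timeout=2.0):
    """True if the TCP handshake to addr:port completes, False if refused or timed out."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:  # covers ConnectionRefusedError and timeouts
        return False

def reachability(bind_addr, probe_addrs):
    """Bind a listener to bind_addr, then try to reach it through each probe address."""
    srv = listen_on(bind_addr)
    try:
        port = srv.getsockname()[1]
        return {addr: can_connect(addr, port) for addr in probe_addrs}
    finally:
        srv.close()

# Constructed probe set: 127.0.0.1 is "localhost"; 127.0.0.2 plays the role of
# any other address that belongs to the same host (assumption: Linux loopback).
PROBES = ["127.0.0.1", "127.0.0.2"]

if __name__ == "__main__":
    for bind_addr in ("127.0.0.1", "0.0.0.0"):
        print(bind_addr, reachability(bind_addr, PROBES))
```

On the EC2 instance the same check applies with the private IP 10.195.205.30 as the probe address. A listener on 0.0.0.0 is exposed on every interface, so the security group rules then decide who can reach it.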
